ansible / ansible-container

DEPRECATED -- Ansible Container was a tool to build Docker images and orchestrate containers using only Ansible playbooks.
GNU Lesser General Public License v3.0

Version 0.9.2 build failure with rpm_key module #729

Open jschulthess opened 7 years ago

jschulthess commented 7 years ago
ISSUE TYPE
container.yml
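# ansible-container project file for an ELK stack: three services
# (elasticsearch, logstash, kibana), each built from centos:7 by applying
# Ansible roles.
version: "2"
settings:
  # The Conductor container does the heavy lifting, and provides a portable
  # Python runtime for building your target containers. It should be derived
  # from the same distribution as you're building your target containers with.
  # NOTE(review): centos:7 is a mutable tag, so the base content can differ
  # between builds; note the digest that was actually pulled when comparing
  # a failing build with a working one.
  #conductor_base: centos:7
  conductor:
    base: centos:7
    #roles:
    #- geerlingguy.java
    volumes:
    - temp-space:/tmp   # Used to copy static content between containers

  # The deployment_output_path is mounted to the Conductor container, and the
  # `run` and `deployment` commands then write generated Ansible playbooks to it.
  # deployment_output_path: ./ansible-deployment

  # When using the k8s or openshift engines, use the following to set the namespace.
  # If not set, the project name will be used. For openshift, the namespace maps to a project,
  # and description and display_name are supported.
  k8s_namespace:
    name: elk-stack
    description: Elk Stack orchestrated with Ansible Container
    display_name: Elk Stack using Ansible Container

services:

  elasticsearch:
    from: centos:7
    roles:
    # This role runs the "Add Elasticsearch GPG key." task during the build,
    # i.e. it imports the package-signing key into the image. If that import
    # fails, fix key retrieval; do not work around it by switching off
    # package signature checking.
    # NOTE(review): the role is referenced by name with no version visible
    # here; pin the role version wherever it is installed from.
    - role: jschulthess.elasticsearch-container
      elasticsearch_java_home: /usr/lib/jvm/jre
      # NOTE(review): what the role does with this flag is not visible in this
      # file; keep it off outside troubleshooting.
      elasticsearch_debug: true
      #elasticsearch_example_enable: true

    # Set example_earthquakes_create to 'true', if sample data should be loaded
    #  into ncedc-earthquakes index.
    - role: example_earthquakes
      example_earthquakes_create: true

    # Publishes the HTTP API port on the host. Nothing in this file configures
    # authentication or TLS for Elasticsearch, so unless the role sets them up
    # the host firewall is the only access control on 9200.
    ports:
    - "9200:9200"
    expose:
    - 9200
    - 9300
    restart: always
    # The service process runs as the unprivileged elasticsearch account.
    user: elasticsearch
    working_dir: /usr/share/elasticsearch/bin
    command: [/usr/bin/container_command.sh]
    #command: [./elasticsearch]
    #entrypoint: ["/usr/bin/entrypoint.sh"]

    #volumes:
    #- your_volume:/usr/share/elasticsearch/data
    #- your_volume:/usr/share/elasticsearch/logs
    #- your_volume:/usr/share/elasticsearch/config

  logstash:
    from: centos:7
    roles:
    - role: jschulthess.logstash-container
      logstash_java_home: /usr/lib/jvm/jre

    # Set create_example to 'true', if sample data should be loaded
    #  into apache_elk_example index.
    - role: create_example
      create_example: false
    #- role: example_weblog
    #  example_weblog_create: false

    ## Set example_earthquakes_create to 'true', if sample data should be loaded
    ##  into ncedc-earthquakes index.
    #- role: example_earthquakes
    #  example_earthquakes_create: true

    # Publishes the listener port 5044 on the host.
    ports:
    - "5044:5044"
    links:
    - elasticsearch
    restart: always
    # NOTE(review): unlike elasticsearch and kibana, no `user:` is set for this
    # service, so the process runs as whatever account the image or the
    # entrypoint script selects -- confirm it is not root.
    working_dir: /usr/share/logstash/bin
    command: [./logstash, agent, -f, /etc/logstash/conf.d]
    environment:
    - JAVACMD=/usr/bin/java
    entrypoint: ["/usr/bin/entrypoint.sh"]

    #volumes:
    #- your_configuration_volume:/etc/logstash/conf.d

  kibana:
    from: centos:7
    roles:
    - role: jschulthess.kibana-container
      #kibana_debug: true
    # Publishes the Kibana port on the host; no authentication settings are
    # visible in this file.
    ports:
    - "5601:5601"
    user: kibana
    links:
    - elasticsearch
    working_dir: /usr/share/kibana/bin
    command: [./kibana]

registries: {}
  # Add optional registries used for deployment. For example:
  #  google:
  #    url: https://gcr.io
  #    namespace: my-cool-project-xxxxxx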
OS / ENVIRONMENT
$ ansible-container --debug version
Ansible Container, version 0.9.2
Linux, jschulthess-puzzle.ep4.puzzle.ch, 4.4.0-93-generic, #116-Ubuntu SMP Fri Aug 11 21:17:51 UTC 2017, x86_64
2.7.12 (default, Nov 19 2016, 06:48:10) 
[GCC 5.4.0 20160609] /usr/bin/python
{
  "ContainersPaused": 0, 
  "Labels": null, 
  "CgroupDriver": "cgroupfs", 
  "ContainersRunning": 1, 
  "ContainerdCommit": {
    "Expected": "9048e5e50717ea4497b757314bad98ea3763c145", 
    "ID": "9048e5e50717ea4497b757314bad98ea3763c145"
  }, 
  "InitBinary": "docker-init", 
  "NGoroutines": 27, 
  "Swarm": {
    "ControlAvailable": false, 
    "NodeID": "", 
    "Error": "", 
    "RemoteManagers": null, 
    "LocalNodeState": "inactive", 
    "NodeAddr": ""
  }, 
  "LoggingDriver": "json-file", 
  "OSType": "linux", 
  "HttpProxy": "", 
  "Runtimes": {
    "runc": {
      "path": "docker-runc"
    }
  }, 
  "DriverStatus": [
    [
      "Root Dir", 
      "/var/lib/docker/aufs"
    ], 
    [
      "Backing Filesystem", 
      "extfs"
    ], 
    [
      "Dirs", 
      "117"
    ], 
    [
      "Dirperm1 Supported", 
      "true"
    ]
  ], 
  "OperatingSystem": "Ubuntu 16.04.3 LTS", 
  "Containers": 7, 
  "HttpsProxy": "", 
  "BridgeNfIp6tables": true, 
  "MemTotal": 16710258688, 
  "SecurityOptions": [
    "name=apparmor", 
    "name=seccomp,profile=default"
  ], 
  "Driver": "aufs", 
  "IndexServerAddress": "https://index.docker.io/v1/", 
  "ClusterStore": "", 
  "InitCommit": {
    "Expected": "949e6fa", 
    "ID": "949e6fa"
  }, 
  "Isolation": "", 
  "SystemStatus": null, 
  "OomKillDisable": true, 
  "ClusterAdvertise": "", 
  "SystemTime": "2017-09-12T20:50:51.716448717+02:00", 
  "Name": "jschulthess-puzzle.ep4.puzzle.ch", 
  "CPUSet": true, 
  "RegistryConfig": {
    "InsecureRegistryCIDRs": [
      "127.0.0.0/8"
    ], 
    "IndexConfigs": {
      "docker.io": {
        "Official": true, 
        "Name": "docker.io", 
        "Secure": true, 
        "Mirrors": []
      }
    }, 
    "Mirrors": []
  }, 
  "DefaultRuntime": "runc", 
  "ContainersStopped": 6, 
  "NCPU": 4, 
  "NFd": 22, 
  "Architecture": "x86_64", 
  "KernelMemory": true, 
  "CpuCfsQuota": true, 
  "Debug": false, 
  "ID": "4UKG:O4RS:EBU6:ZGXD:W2NR:LXD4:PDTT:7SMO:EBQO:QCXQ:MXWT:FNKU", 
  "IPv4Forwarding": true, 
  "KernelVersion": "4.4.0-93-generic", 
  "BridgeNfIptables": true, 
  "NoProxy": "", 
  "LiveRestoreEnabled": false, 
  "ServerVersion": "17.05.0-ce", 
  "CpuCfsPeriod": true, 
  "ExperimentalBuild": false, 
  "MemoryLimit": true, 
  "SwapLimit": false, 
  "Plugins": {
    "Volume": [
      "local"
    ], 
    "Network": [
      "bridge", 
      "host", 
      "macvlan", 
      "null", 
      "overlay"
    ], 
    "Authorization": []
  }, 
  "Images": 62, 
  "DockerRootDir": "/var/lib/docker", 
  "NEventsListener": 0, 
  "CPUShares": true, 
  "RuncCommit": {
    "Expected": "9c2d8d184e5da67c95d601382adf14862e4f2228", 
    "ID": "9c2d8d184e5da67c95d601382adf14862e4f2228"
  }
}
{
  "KernelVersion": "4.4.0-93-generic", 
  "Arch": "amd64", 
  "BuildTime": "2017-05-04T22:10:54.638119411+00:00", 
  "ApiVersion": "1.29", 
  "Version": "17.05.0-ce", 
  "MinAPIVersion": "1.12", 
  "GitCommit": "89658be", 
  "Os": "linux", 
  "GoVersion": "go1.7.5"
}
SUMMARY

Using 0.9.2, a task like the following:

fails with: fatal: [elasticsearch]: FAILED! => {"changed": false, "failed": true, "msg": "gpg: no valid OpenPGP data found.\ngpg: processing message failed: Unknown system error\n"} even though the URL shows seemingly valid GPG key data.

STEPS TO REPRODUCE
ansible-container build
EXPECTED RESULTS
ACTUAL RESULTS
$ ansible-container build
Building Docker Engine context...   
Starting Docker build of Ansible Container Conductor image (please be patient)...   
Parsing conductor CLI args.
Docker™ daemon integration engine loaded. Build starting.   project=elk-stack-container
Building service... project=elk-stack-container service=elasticsearch

PLAY [elasticsearch] ***********************************************************

TASK [Gathering Facts] *********************************************************
ok: [elasticsearch]

TASK [jschulthess.elasticsearch-container : Add Elasticsearch GPG key.] ********
fatal: [elasticsearch]: FAILED! => {"changed": false, "failed": true, "msg": "gpg: no valid OpenPGP data found.\ngpg: processing message failed: Unknown system error\n"}
    to retry, use: --limit @/tmp/tmpNibXb_/playbook.retry

PLAY RECAP *********************************************************************
elasticsearch              : ok=1    changed=0    unreachable=0    failed=1

ERROR   Error applying role!    engine=<container.docker.engine.Engine object at 0x1648150> exit_code=2 playbook=[{'hosts': u'elasticsearch', 'roles': [ordereddict([('elasticsearch_java_home', '/usr/lib/jvm/jre'), ('elasticsearch_debug', True), ('role', 'jschulthess.elasticsearch-container')])], 'vars': {}}]
Traceback (most recent call last):
  File "/usr/bin/conductor", line 11, in <module>
    load_entry_point('ansible-container', 'console_scripts', 'conductor')()
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/cli.py", line 399, in conductor_commandline
    **params)
  File "/_ansible/container/__init__.py", line 19, in __wrapped__
    return fn(*args, **kwargs)
  File "/_ansible/container/core.py", line 813, in conductorcmd_build
    raise RuntimeError('Build failed.')
RuntimeError: Build failed.
Conductor terminated. Cleaning up.  command_rc=1 conductor_id=e51f4081ffed961787e02a90f9b0cd7792237e14278694628059e3a855c73635 save_container=False
ERROR   Conductor exited with status 1  
jschulthess commented 7 years ago

The key in question carries the armor header: Version: GnuPG v2.0.14 (GNU/Linux)

Could it be that the ansible "rpm_key" module uses v1.x?

pescobar commented 7 years ago

I am experiencing the same issue using the rpm_key module in a Vagrant VM built from the centos/7 Vagrant image, with ansible-2.4.0.0.

EDIT: After some testing I have noticed that these combinations work:

pescobar commented 7 years ago

I have found a workaround by installing the epel-release rpm before trying to add the keys. Not sure why it solves it.